Add logging to DNAT rules (#264)

* Add some more on_boot..d examples * Add logging to DNAT rules
2024-08-30 18:32:21 +00:00 · 2021-11-16 16:51:48 +01:00 · 2021-11-16 16:51:48 +01:00 · 68cd6df6ab
commit 68cd6df6ab
parent 97a94faf74
1 changed files with 21 additions and 17 deletions
--- a/dns-common/on_boot.d/10-dns.sh
+++ b/dns-common/on_boot.d/10-dns.sh
@ -38,52 +38,56 @@ if ! test -f /opt/cni/bin/macvlan; then
 fi
 # set VLAN bridge promiscuous
-ip link set br${VLAN} promisc on
+ip link set "br${VLAN}" promisc on
 # create macvlan bridge and add IPv4 IP
-ip link add br${VLAN}.mac link br${VLAN} type macvlan mode bridge
+ip link add "br${VLAN}.mac" link "br${VLAN}" type macvlan mode bridge
-ip addr add ${IPV4_GW} dev br${VLAN}.mac noprefixroute
+ip addr add "${IPV4_GW}" dev "br${VLAN}.mac" noprefixroute
 # (optional) add IPv6 IP to VLAN bridge macvlan bridge
 if [ -n "${IPV6_GW}" ]; then
-  ip -6 addr add ${IPV6_GW} dev br${VLAN}.mac noprefixroute
+  ip -6 addr add "${IPV6_GW}" dev "br${VLAN}.mac" noprefixroute
 fi
 # set macvlan bridge promiscuous and bring it up
-ip link set br${VLAN}.mac promisc on
+ip link set "br${VLAN}.mac" promisc on
-ip link set br${VLAN}.mac up
+ip link set "br${VLAN}.mac" up
 # add IPv4 route to DNS container
-ip route add ${IPV4_IP}/32 dev br${VLAN}.mac
+ip route add "${IPV4_IP}/32" dev "br${VLAN}.mac"
 # (optional) add IPv6 route to DNS container
 if [ -n "${IPV6_IP}" ]; then
-  ip -6 route add ${IPV6_IP}/128 dev br${VLAN}.mac
+  ip -6 route add "${IPV6_IP}/128" dev "br${VLAN}.mac"
 fi
 # Make DNSMasq listen to the container network for split horizon or conditional forwarding
-if ! grep -qxF interface=br$VLAN.mac /run/dnsmasq.conf.d/custom.conf; then
+if ! grep -qxF "interface=br${VLAN}.mac" /run/dnsmasq.conf.d/custom.conf; then
-    echo interface=br$VLAN.mac >> /run/dnsmasq.conf.d/custom.conf
+    echo "interface=br${VLAN}.mac" >> /run/dnsmasq.conf.d/custom.conf
-    kill -9 `cat /run/dnsmasq.pid`
+    kill -9 "$(cat /run/dnsmasq.pid)"
 fi
-if podman container exists ${CONTAINER}; then
+if podman container exists "${CONTAINER}"; then
-  podman start ${CONTAINER}
+  podman start "${CONTAINER}"
 else
-  logger -s -t podman-dns -p ERROR Container $CONTAINER not found, make sure you set the proper name, you can ignore this error if it is your first time setting it up
+  logger -s -t podman-dns -p "ERROR Container ${CONTAINER} not found, make sure you set the proper name, you can ignore this error if it is your first time setting it up"
 fi
 # (optional) IPv4 force DNS (TCP/UDP 53) through DNS container
 for intfc in ${FORCED_INTFC}; do
  if [ -d "/sys/class/net/${intfc}" ]; then
    for proto in udp tcp; do
      prerouting_rule="PREROUTING -i ${intfc} -p ${proto} ! -s ${IPV4_IP} ! -d ${IPV4_IP} --dport 53 -j LOG --log-prefix [DNAT-${intfc}-${proto}]"
      iptables -t nat -C ${prerouting_rule} 2>/dev/null || iptables -t nat -A ${prerouting_rule}
      prerouting_rule="PREROUTING -i ${intfc} -p ${proto} ! -s ${IPV4_IP} ! -d ${IPV4_IP} --dport 53 -j DNAT --to ${IPV4_IP}"
-      iptables -t nat -C ${prerouting_rule} || iptables -t nat -A ${prerouting_rule}
+      iptables -t nat -C ${prerouting_rule} 2>/dev/null || iptables -t nat -A ${prerouting_rule}
-      
+
      # (optional) IPv6 force DNS (TCP/UDP 53) through DNS container
      if [ -n "${IPV6_IP}" ]; then
        prerouting_rule="PREROUTING -i ${intfc} -p ${proto} ! -s ${IPV6_IP} ! -d ${IPV6_IP} --dport 53 -j LOG --log-prefix [DNAT-${intfc}-${proto}]"
        ip6tables -t nat -C ${prerouting_rule} 2>/dev/null || ip6tables -t nat -A ${prerouting_rule}
        prerouting_rule="PREROUTING -i ${intfc} -p ${proto} ! -s ${IPV6_IP} ! -d ${IPV6_IP} --dport 53 -j DNAT --to ${IPV6_IP}"
-        ip6tables -t nat -C ${prerouting_rule} || ip6tables -t nat -A ${prerouting_rule}
+        ip6tables -t nat -C ${prerouting_rule} 2>/dev/null || ip6tables -t nat -A ${prerouting_rule}
      fi
    done
  fi